Enable DNSBL or RBL on Zimbra Rumi, January 26, 2019 DNS-based Blackhole List (DNSBL) or Real-time Blackhole List (RBL) is an effort to fight spam emails. It is a blacklist of source IP addresses that have a reputation of sending spam emails. Most email systems can be configured to check these lists and block or flag emails that were sent from domains/IPs listed there. The ‘Blackhole List’ is sometimes called ‘blacklist’ by email admins. In this tutorial, we’ll see how we can configure RBL with Zimbra using both GUI and CLI. Method 1 – GUI: Login to the Zimbra admin console – https://mail.example.com:7071, and then go to Configure. Then, go to Global Settings. Next, go to MTA. I’ve enabled some parameters to harden the server, and added the RBLs that Zimbra supports. You could add the RBLs of your choice here. Save your settings. There no need to do any service restarts. Zimbra should detect (zmconfigd) the config changes and apply them. Method 2 – CLI: Login to the server, and switch to the user zimbra. # su – zimbra First, let us check if there are any existing policies in place. $ zmprov gacf | grep zimbraMtaRestriction Great! Now let’s add a couple of RBLs using zmprov. Zimbra uses the these RBLs. $ zmprov mcf \ zimbraMtaRestriction reject_invalid_helo_hostname \ zimbraMtaRestriction reject_non_fqdn_sender \ zimbraMtaRestriction “reject_rbl_client zen.spamhaus.org” \ zimbraMtaRestriction “reject_rbl_client psbl.surriel.com” \ zimbraMtaRestriction “reject_rbl_client b.barracudacentral.org” \ zimbraMtaRestriction “reject_rhsbl_client dbl.spamhaus.org” \ zimbraMtaRestriction “reject_rhsbl_client multi.uribl.com” \ zimbraMtaRestriction “reject_rhsbl_client multi.surbl.org” \ zimbraMtaRestriction “reject_rhsbl_reverse_client dbl.spamhaus.org” \ zimbraMtaRestriction “reject_rhsbl_sender multi.uribl.com” \ zimbraMtaRestriction “reject_rhsbl_sender multi.surbl.org” \ zimbraMtaRestriction “reject_rhsbl_sender rhsbl.sorbs.net” \ zimbraMtaRestriction “reject_rhsbl_sender dbl.spamhaus.org” That’s it. There is no need for any service restarts, zmconfigd should detect the changes and push the config to Zimbra and postfix. Troubleshooting and Verifying No matter whether you made the change using GUI or CLI, the troubleshooting and verification method is the same. The log file /var/log/zimbra.log is your friend. It should contain most of the information needed for any Zimbra troubleshooting. In this case, the logs should contain entries like this- # tail -f /var/log/zimbra.log May 3 22:36:02 mail zmconfigd[9417]: Fetching All configs May 3 22:36:02 mail zmconfigd[9417]: All configs fetched in 0.04 seconds May 3 22:36:05 mail zmconfigd[9417]: Watchdog: service antivirus status is OK. May 3 22:36:05 mail zmconfigd[9417]: Var zimbraMtaRestriction changed from ‘reject_invalid_helo_hostname reject_non_fqdn_sender reject_rbl_client cbl.abuseat.org’ -> ‘reject_invalid_helo_hostname reject_non_fqdn_sender reject_rhsbl_sender dbl.spamhaus.org’ May 3 22:36:05 mail zmconfigd[9417]: Var zmconfigd/smtpd_recipient_restrictions.cf changed from ‘#reject_non_fqdn_recipient, #permit_sasl_authenticated, #permit_mynetworks, #reject_unlisted_recipient, #reject_invalid_helo_hostname, #reject_non_fqdn_helo_hostname, #reject_non_fqdn_sender, #reject_unknown_client_hostname, #reject_unknown_reverse_client_hostname, #reject_unknown_sender_domain, #reject_rbl_client zen.spamhaus.org, #reject_rbl_client psbl.surriel.com, #reject_rbl_client b.barracudacentral.org, #reject_rhsbl_client dbl.spamhaus.org, #reject_rhsbl_client multi.uribl.com, #reject_rhsbl_client multi.surbl.org, #reject_rhsbl_reverse_client dbl.spamhaus.org, #reject_rhsbl_sender multi.uribl.com, #reject_rhsbl_sender multi.surbl.org, #reject_rhsbl_sender rhsbl.sorbs.net, #reject_rhsbl_sender dbl.spamhaus.org, reject_invalid_helo_hostname, reject_non_fqdn_sender, reject_rbl_client cbl.abuseat.org, permit’ -> ‘#reject_non_fqdn_recipient, #permit_sasl_authenticated, #permit_mynetworks, #reject_unlisted_… May 3 22:36:05 mail zmconfigd[9417]: …recipient, #reject_invalid_helo_hostname, #reject_non_fqdn_helo_hostname, #reject_non_fqdn_sender, #reject_unknown_client_hostname, #reject_unknown_reverse_client_hostname, #reject_unknown_sender_domain, #reject_rbl_client zen.spamhaus.org, #reject_rbl_client psbl.surriel.com, #reject_rbl_client b.barracudacentral.org, #reject_rhsbl_client dbl.spamhaus.org, #reject_rhsbl_client multi.uribl.com, #reject_rhsbl_client multi.surbl.org, #reject_rhsbl_reverse_client dbl.spamhaus.org, #reject_rhsbl_sender multi.uribl.com, #reject_rhsbl_sender multi.surbl.org, #reject_rhsbl_sender rhsbl.sorbs.net, #reject_rhsbl_sender dbl.spamhaus.org, reject_invalid_helo_hostname, reject_non_fqdn_sender, reject_rbl_client zen.spamhaus.org, reject_rbl_client psbl.surriel.com, reject_rbl_client b.barracudacentral.org, reject_rhsbl_client dbl.spamhaus.org, reject_rhsbl_client multi.uribl.com, reject_rhsbl_client multi.surbl.org, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_sende… May 3 22:36:05 mail zmconfigd[9417]: …r multi.uribl.com, reject_rhsbl_sender multi.surbl.org, reject_rhsbl_sender rhsbl.sorbs.net, reject_rhsbl_sender dbl.spamhaus.org, permit’ The changes also reflect in the output of zmprov command. $ zmprov gacf | grep zimbraMtaRestriction zimbraMtaRestriction: reject_invalid_helo_hostname zimbraMtaRestriction: reject_non_fqdn_sender zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org zimbraMtaRestriction: reject_rbl_client psbl.surriel.com zimbraMtaRestriction: reject_rbl_client b.barracudacentral.org zimbraMtaRestriction: reject_rhsbl_client dbl.spamhaus.org zimbraMtaRestriction: reject_rhsbl_client multi.uribl.com zimbraMtaRestriction: reject_rhsbl_client multi.surbl.org zimbraMtaRestriction: reject_rhsbl_reverse_client dbl.spamhaus.org zimbraMtaRestriction: reject_rhsbl_sender multi.uribl.com zimbraMtaRestriction: reject_rhsbl_sender multi.surbl.org zimbraMtaRestriction: reject_rhsbl_sender rhsbl.sorbs.net zimbraMtaRestriction: reject_rhsbl_sender dbl.spamhaus.org Finally, postfix is the underlying service that would do the actual RBL checks. We can verify if the parameters have been injected to postfix using postconf. # su – zimbra $ postconf | grep smtpd_recipient_restrictions smtpd_recipient_restrictions = #reject_non_fqdn_recipient, #permit_sasl_authenticated, #permit_mynetworks, #reject_unlisted_recipient, reject_invalid_helo_hostname, #reject_non_fqdn_helo_hostname, reject_non_fqdn_sender, #reject_unknown_client_hostname, #reject_unknown_reverse_client_hostname, #reject_unknown_sender_domain, reject_rbl_client zen.spamhaus.org, reject_rbl_client psbl.surriel.com, reject_rbl_client b.barracudacentral.org, reject_rhsbl_client dbl.spamhaus.org, reject_rhsbl_client multi.uribl.com, reject_rhsbl_client multi.surbl.org, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_sender multi.uribl.com, reject_rhsbl_sender multi.surbl.org, reject_rhsbl_sender rhsbl.sorbs.net, reject_rhsbl_sender dbl.spamhaus.org, permit Hope this helps. Src: http://amar-linux.blogspot.com/2017/05/how-to-enable-dnsbl-or-rbl-on-zimbra-to.html https://wiki.zimbra.com/wiki/Anti-spam_Strategies Related Administrations Configurations (Linux) DNSBLRBLzimbra
Install Apache Tomcat 8.5 on CentOS 7.3 December 10, 2017 Prerequisites Server with CentOS 7 – 64bit 2 GB or more RAM (Recommended) Root Privileges on the server Step 1 – Install Java (JRE and JDK) In this step, we will install the Java JRE and JDK from the CentOS repository. We will install Java 1.8.11 on the server with… Read More
How to setup MRTG on Centos (RHEL) 4.x and 5.x? February 9, 2010July 30, 2011 MRTG stands for "Multi Router Traffic Grapher", and it is a tool to monitor the traffic load on the network interfaces. It generates HTML pages containing PNG images which depicts visual representation of inbound and outbound traffic. MRTG is free software designed by Tobi Oetiker and is licensed under the… Read More
Install and Secure Redis on CentOS 7 July 21, 2021 Step 1 – Install and Enable Remi Repository Firstly, we will add the Remi repository to the CentOS 7 system. The Remi repository provides the latest version of Redis package for our installation. Before adding the Remi repository, let’s install the EPEL repository and yum utility packages. sudo yum install… Read More